The vulnerability allows a local user to obtain hardcoded credentials.
The vulnerability exists due to usage of hardcoded password to access back-end database. A local user can obtain password and gain unaithorized access SCADA system.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the industrial process.
Note: this vulnerability is being actively exploited by the Stuxnet malware.
Hardcoded credentials
The vulnerability allows a local user to obtain hardcoded credentials.
The vulnerability exists due to usage of hardcoded password to access back-end database. A local user can obtain password and gain unaithorized access SCADA system.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the industrial process.
Note: this vulnerability is being actively exploited by the Stuxnet malware.
i
The vulnerabiilty was used by Stuxnet malware together with CVE-2012-3015.
Software:
Siemens SIMATIC WinCC
The vulnerabiilty was used by Stuxnet malware together with CVE-2012-3015.